CVE-2025-40091

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ixgbe: fix too early devlink_free() in ixgbe_remove()<br /> <br /> Since ixgbe_adapter is embedded in devlink, calling devlink_free()<br /> prematurely in the ixgbe_remove() path can lead to UAF. Move devlink_free()<br /> to the end.<br /> <br /> KASAN report:<br /> <br /> BUG: KASAN: use-after-free in ixgbe_reset_interrupt_capability+0x140/0x180 [ixgbe]<br /> Read of size 8 at addr ffff0000adf813e0 by task bash/2095<br /> CPU: 1 UID: 0 PID: 2095 Comm: bash Tainted: G S 6.17.0-rc2-tnguy.net-queue+ #1 PREEMPT(full)<br /> [...]<br /> Call trace:<br /> show_stack+0x30/0x90 (C)<br /> dump_stack_lvl+0x9c/0xd0<br /> print_address_description.constprop.0+0x90/0x310<br /> print_report+0x104/0x1f0<br /> kasan_report+0x88/0x180<br /> __asan_report_load8_noabort+0x20/0x30<br /> ixgbe_reset_interrupt_capability+0x140/0x180 [ixgbe]<br /> ixgbe_clear_interrupt_scheme+0xf8/0x130 [ixgbe]<br /> ixgbe_remove+0x2d0/0x8c0 [ixgbe]<br /> pci_device_remove+0xa0/0x220<br /> device_remove+0xb8/0x170<br /> device_release_driver_internal+0x318/0x490<br /> device_driver_detach+0x40/0x68<br /> unbind_store+0xec/0x118<br /> drv_attr_store+0x64/0xb8<br /> sysfs_kf_write+0xcc/0x138<br /> kernfs_fop_write_iter+0x294/0x440<br /> new_sync_write+0x1fc/0x588<br /> vfs_write+0x480/0x6a0<br /> ksys_write+0xf0/0x1e0<br /> __arm64_sys_write+0x70/0xc0<br /> invoke_syscall.constprop.0+0xcc/0x280<br /> el0_svc_common.constprop.0+0xa8/0x248<br /> do_el0_svc+0x44/0x68<br /> el0_svc+0x54/0x160<br /> el0t_64_sync_handler+0xa0/0xe8<br /> el0t_64_sync+0x1b0/0x1b8